Lucene search
K

75 matches found

Vulnrichment
Vulnrichment
added 2023/10/23 12:0 a.m.15 views

CVE-2023-27148

A stored cross-site scripting XSS vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

5.5AI score0.00354EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/23 12:0 a.m.4 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, USA. A security vulnerability exists in Enhancesoft osTicket v1.17.2. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Role Name parameter...

4.8CVSS6.7AI score0.00354EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/23 12:0 a.m.13 views

CVE-2023-27149

A stored cross-site scripting XSS vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

5.5AI score0.00354EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/23 12:0 a.m.4 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, USA. A security vulnerability exists in Enhancesoft osTicket v1.17.2. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Label input paramete...

4.8CVSS6.7AI score0.00354EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/10/23 12:0 a.m.27 views

CVE-2023-27148

A stored cross-site scripting XSS vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

5.1AI score0.00354EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/10/23 12:0 a.m.29 views

CVE-2023-27149

A stored cross-site scripting XSS vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

5.1AI score0.00354EPSS
Exploits1References1
CVE
CVE
added 2023/10/23 12:0 a.m.57 views

CVE-2023-27149

CVE-2023-27149 describes a stored XSS in Enhancesoft osTicket v1.17.2, exploitable via crafted payload in the Label input during a custom list update. Affected component: Label field handling in osTicket’s custom lists. Impact per sources: execution of arbitrary web scripts/HTML. Root cause: inpu...

4.8CVSS4.9AI score0.00354EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/10/23 12:0 a.m.118 views

CVE-2023-27148

CVE-2023-27148 describes a stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket Admin panel (v1.17.2). The flaw allows an attacker to inject arbitrary web scripts or HTML via the Role Name parameter, enabling potential script execution in the context of authenticated users with...

4.8CVSS4.9AI score0.00354EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/09/08 12:0 a.m.3 views

Enhancesoft osTicket SQL Injection Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. A security vulnerability exists in Enhancesoft osTicket v1.15.6, which originates from an SQL injection vulnerability in the Search function of the tickets.php page, allowing an authenticated attacker to execute...

6.5CVSS8.4AI score0.02808EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.5 views

Enhancesoft osTicket 安全漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket that stems from a lengthy password that can lead to a denial of service in the system...

7.5CVSS7.3AI score0.00999EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.4 views

Enhancesoft osTicket SQL注入漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, USA. A security vulnerability exists in osTicket osTicket-plugins, which stems from the presence of a SQL injection vulnerability...

9.8CVSS8.6AI score0.01503EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.4 views

Enhancesoft osTicket 跨站脚本漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A cross-site scripting vulnerability exists in versions prior to Enhancesoft osTicket v1.16.6, which stems from the presence of a Reflected Cross-Site Scripting XSS vulnerability...

5.4CVSS5.3AI score0.01059EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.3 views

Enhancesoft osTicket 跨站脚本漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A cross-site scripting vulnerability exists in versions prior to Enhancesoft osTicket v1.16.6, which stems from the presence of a cross-site scripting XSS vulnerability...

5.4CVSS5.3AI score0.01015EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.4 views

Enhancesoft osTicket 跨站脚本漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A cross-site scripting vulnerability exists in Enhancesoft osTicket versions prior to 1.16.6, which stems from the presence of a stored cross-site scripting XSS vulnerability. The vulnerability ca...

5.4CVSS4.8AI score0.00514EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.5 views

Enhancesoft osTicket 跨站脚本漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket versions prior to 1.16.4. The vulnerability stems from setting an ordinary user's username as the XSS payload, and then placing the same XSS...

8CVSS6.7AI score0.00673EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/13 12:0 a.m.6 views

Enhancesoft osTicket 跨站脚本漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket, which stems from its component audit/class.audit.php that allows attackers to execute arbitrary web script or HTML via a crafted SVG file...

5.4CVSS6.2AI score0.01232EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.5 views

Enhancesoft osTicket SQL注入漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket that originates from an SQL injection during the login and password reset process. An attacker could exploit this vulnerability to gain acce...

9.8CVSS8.5AI score0.00967EPSS
Exploits0References2
OSV
OSV
added 2021/06/28 7:15 p.m.20 views

CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php...

6.1CVSS6.4AI score
Exploits0References1
NVD
NVD
added 2021/06/28 7:15 p.m.39 views

CVE-2020-22609

Cross Site Scripting XSS vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...

6.1CVSS0.00686EPSS
Exploits0References1
NVD
NVD
added 2021/06/28 7:15 p.m.26 views

CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php...

6.1CVSS0.00672EPSS
Exploits0References1
Rows per page
Query Builder